Securing your WordPress Application
Author: support. Article Reference Number: AA-04966

=====Is my WordPress site under attack?=====

Your WordPress site may be vulnerable to brute force attacks. These attacks are not targeted solely at myhosting.com; they are international attacks on all WordPress websites.

As you may be aware, during our efforts to mitigate these attacks we have implemented some restrictions on our network to limit the number of failed login attempts against WordPress sites. Now, over and above the previous measures, we are also removing access to all WordPress login pages by adding rules to the .htaccess file for the duration of this attack. This change blocks access only to the wp-login.php page; the rest of the WordPress site remains fully accessible to everyone browsing its content. We believe these proactive efforts are necessary to ensure the highest security for your website and to prevent any unintentional service disruptions.

If your WordPress administration has been blocked and you urgently require access to your WordPress website, you can update your .htaccess file so that only login requests from your own local static IP address are accepted. If you have a dynamic IP address or access WordPress from multiple locations, each of these IP addresses needs to be explicitly allowed in your .htaccess file as well. If you are unsure what the IP address of your local machine is, we suggest locating it using an IP lookup. In the worst case, you can remove the restriction lines entirely, but this makes your WordPress website vulnerable to this attack, so please proceed with caution and make sure all WordPress user passwords are complex and secure.

=====How to Access WordPress=====

To give you exclusive, secure access for making updates to your WordPress site, we have documented the steps for each service where WordPress is available. The .htaccess file has been given user write permission, so you can log in and edit it through either FTP or the file manager. The steps are documented below.

Step 1 Log into FTP

Step 2 Locate your domain's document root

Step 3 Right click the .htaccess file and select view/edit

Step 4 If your .htaccess file does not exist already as mentioned in the previous step, right click and select Create New File

Step 5 Add the following code, replacing the 111\.111\.111\.111 IP with your own IP address (you can get this from http://whatsmyip.com)

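<IfModule mod_rewrite.c>
RewriteEngine on
# Match requests for the login page ...
RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
# ... or for the bare /wp-admin path ...
RewriteCond %{REQUEST_URI} ^/wp-admin$
# ... that do not come from your own IP address (each dot escaped with a backslash)
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
# Answer those requests with 403 Forbidden; the plain hyphen means "no substitution"
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>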

Step 6 Save the file. Your FTP application will ask you to upload the file; confirm the upload.

Note: If you installed your application using the application installer, you can locate your directory using the following wiki article: http://myhosting.com/kb/index.php?/article/AA-00643
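The paragraph on dynamic or multiple IP addresses and Step 5 both require one REMOTE_ADDR line per allowed address. The Python sketch below is an added example, not myhosting.com's own code: it validates a list of IPv4 addresses, emits the block from Step 5 with one negated condition per address, and mirrors how mod_rewrite combines the conditions so you can check a request before uploading the file. The function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample allow list (RFC 5737 documentation addresses), e.g. office and home.
ALLOWED = ["203.0.113.7", "198.51.100.20"]

LOGIN_URI = r"^/wp-login\.php(.*)$"   # first REQUEST_URI condition from Step 5
ADMIN_URI = r"^/wp-admin$"            # second REQUEST_URI condition from Step 5


def addr_pattern(ip):
    """Validate an IPv4 address and return it as an anchored, dot-escaped regex."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on malformed input
    return "^" + re.escape(str(addr)) + "$"


def build_block(allowed_ips):
    """Emit the Step 5 block with one negated REMOTE_ADDR condition per address."""
    if not allowed_ips:
        raise ValueError("refusing to write a block that locks everyone out")
    conds = ["RewriteCond %{REMOTE_ADDR} !" + addr_pattern(ip) for ip in allowed_ips]
    lines = ["<IfModule mod_rewrite.c>",
             "RewriteEngine on",
             "RewriteCond %{REQUEST_URI} " + LOGIN_URI + " [OR]",
             "RewriteCond %{REQUEST_URI} " + ADMIN_URI,
             *conds,                          # conditions without [OR] are ANDed
             "RewriteRule ^(.*)$ - [R=403,L]",
             "</IfModule>"]
    return "\n".join(lines) + "\n"


def is_blocked(request_uri, remote_addr, allowed_ips):
    """Mirror the rule: (login OR admin URI) AND address matches no allowed entry."""
    protected = bool(re.search(LOGIN_URI, request_uri) or re.search(ADMIN_URI, request_uri))
    allowed = any(re.search(addr_pattern(ip), remote_addr) for ip in allowed_ips)
    return protected and not allowed


if __name__ == "__main__":
    print(build_block(ALLOWED))
    for uri, ip in [("/wp-login.php", "203.0.113.7"), ("/wp-login.php", "192.0.2.99"),
                    ("/index.php", "192.0.2.99")]:
        print(uri, ip, "403" if is_blocked(uri, ip, ALLOWED) else "pass")
```

Paste the printed block into .htaccess as in Step 5; every address you log in from needs its own entry in the list.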

In addition, it is highly recommended that you make sure your plugins are up to date. If you are using WP Super Cache in particular, please consider switching to the latest version of W3TC or Quick Cache instead to further secure your site.

=====WordPress reCAPTCHA=====

To further secure your WordPress application, we recommend using a reCAPTCHA on your site, which will reduce login attempts against it.

You can download the plugin from WordPress here

Or install your own using Google reCAPTCHA here